[alberth]

> Bio-metrics are just convenient because they are unique and hard\impossible to replicate.

But if your biometric is able to be faked, you can't change it like you can change a typical text based password. There's no "reset your password" equivalent for biometrics.

[CyberRage]

Oh gosh... your raw bio-metrics are never stored anywhere...

The signal from the sensor is used as a "seed" to generate key using robust cryptography

Different sensors will output different "data" based on the sensor type.

[imoverclocked]

> your raw bio-metrics are never stored anywhere...

Unless you have a drivers license in California where they require inked versions of your biometrics.

[CyberRage]

That's governments for you(btw not only CA but other places as well) I would definitely be more worried about that than my biometrics on my phone.

[deelowe]

Let's ignore the part about biometrics being faked since this seems to be a point of contention.

Isn't it a fair argument that secret keys should be mutable by the user? In the future, some unforeseen event COULD occur which compromises or otherwise renders the particular biometric unusable. Now what?

[CyberRage]

But they are... Firstly, with how it works. even if you use the same finger to generate hundreds of keys, they should all be different because we are using noise\randomness within the algorithm itself. different sensors will generate different outputs and therefore it is pointless to worry about the key used stolen.

I think what you want is secret keys completely detached from the user. we have that as well with hardware tokens.

[stjohnswarts]

Once they have a way to fake your biometric though they have it for forever, that's the point. With a password you have a way to provide a key only known to you and while it can be faked, it can also be reset, you can't reset your fingerprint without surgery

[CyberRage]

I don't get the point... If someone steals your fingerprint, he stole your fingerprint.

As I explained you can't get the fingerprint from the device\key, it is simply not there.

This isn't the problem of the implementation\technology if someone stole your fingerprint. it didn't lead to your biometrics compromised

What's easier to do? stealing someone's fingerprint or cracking\guessing their password.

Definitely the latter.

[nybble41]

> What's easier to do? stealing someone's fingerprint or cracking\guessing their password.

> Definitely the latter.

You sure about that? A properly generated (i.e. random) password won't be cracked or guessed in any reasonable amount of time, whereas a model of your fingerprint(s) can be lifted from any object you've touched and used to create a silicone mold capable of fooling many fingerprint readers. And you only have 10 of them at best; once all your fingerprints are known to potential attackers that's it; you can't use fingerprint authentication any more for the rest of your life.

[CyberRage]

Let me follow up and say. why do people go nuts over biometrics?

Password based biometrics is the last place I would look at for biometric compromise.

We leave biometric traces everywhere, all the time. do you cover your face and wear gloves in public? hmmmm...

[hansel_der]

> Oh gosh... your raw bio-metrics are never stored anywhere...

right, who would do that... i mean for what purpose...

[CyberRage]

I mean you don't have to give it away if you think Google is storing databases of fingerprints for the lizard masters to track you down.

FIDO simply wants to make authentication stronger, you can use hardware keys that have a key burnt into them which is unique and much harder to brute-force than passwords.

Again according to how biometrics are described in whitepapers\industry, we extract features from the fingerprint\face sometimes very little compared to the actual biometric and use it to derive a key. that key cannot be reversed to get the original features and different algorithms use different features.

[dane-pgp]

> that key cannot be reversed to get the original features

"As a result, the early common belief among the biometrics community of templates irreversibility has been proven wrong. It is now an accepted fact that it is possible to reconstruct from an unprotected template a synthetic sample that matches the bona fide one."

-- Reversing the irreversible: A survey on inverse biometrics

https://www.sciencedirect.com/science/article/pii/S016740481...

[CyberRage]

"from an unprotected template" do you even read? stop trying to find some random internet page to justify yourself, have you ever seen a biometric implementation? I have.

[dane-pgp]

I don't know what counts as a non-random internet page, but here[0] is an article published by the "European Data Protection Supervisor" titled "14 Misunderstandings With Regard To Biometric Identification And Authentication", with number 12 being "Biometric information converted to a hash is not recoverable". It states:

> there are studies showing that the hash could be reversible, that is, it could be possible to obtain the original biometric pattern, especially if the secret of the key used to generate the hash is violated

So yes, there are secret keys involved (which the user has no control over), and no, I've never read through the code of a biometric implementation, but ultimately the space of possible values that someone's face or finger could reliably display is much smaller than even MD5, so it can be brute-forced.

If you have some non-random internet page to justify yourself, and show how much entropy is contained in a biometric hash, and how resistant to cracking that hash is, and how well secured those secret keys are, then I'd be happy to learn more.

[0] https://edps.europa.eu/sites/edp/files/publication/joint_pap...

[hansel_der]

> I mean you don't have to give it away if you think Google is storing databases of fingerprints for the lizard masters to track you down.

also you

> We leave biometric traces everywhere, all the time. do you cover your face and wear gloves in public? hmmmm...